When source code is complied and converted into executable code (e.g., .exe or .dll code), some strings (e.g., strings enclosed in quotes “ ”) contained in the program source code are often left in the executable code in the form of plaintext easily readable and decipherable by a human reader. Such plaintext strings can be used as anchors for exploit and/or altering the executable code for unauthorized purposes, such as finding loopholes, devising security attacks, modifying critical data, etc. In order to improve data security, encryption and decryption of the plaintext strings in program files is needed.
In the prior art, a method for string encryption and decryption generally comprises the steps of:
Step S1: Scanning all the plaintext strings in the source code with a software development platform (e.g., Visual Studio, referred to as VS) tool.
Step S2: Substituting the plaintext strings by corresponding encrypted ciphertext strings in the source code and packaging them with decryption functions.
Step S3: Compiling the modified source code containing the substitution ciphertext strings to obtain executable code.
Step S4: Restoring the plaintext strings that have been substituted.
Step S5: Decrypting the ciphertext strings in real time when the program is running.
In the above method of string encryption and decryption, because the source code used in compiling is temporary source code containing substitution strings, namely the ciphertext strings, it is possible that the ciphertext strings may not match with the original plaintext strings after the debugging process. Moreover, risk exists in the substitution process itself. If an error occurs, it may cause the loss of the original source code containing the original plaintext strings, and the loss will be difficult to recover. Furthermore, due to the need for decrypting the ciphertext strings in real-time, if the plaintext string is called for frequently, it will affect the performance of the program. Additionally, in a multi-threaded mode, real-time decryption may require additional overhead for data locking, which may further affect the performance of the program, thus reducing the security in loading the program on the client terminal.